<?php
/*
 * Created on Feb 11, 2005
 *
 * To change the template for this generated file go to
 * Window - Preferences - PHPeclipse - PHP - Code Templates
 */

require_once ($DOCUMENT_ROOT . '/includes/functions.php');

session_start ();

if (valid_user ())
{
	// new css include
	$header = '<link type="text/css" rel="StyleSheet" href="css/revised.css" />';
	
	do_header ('Change password', $header);
	
	do_menu ();
	
	echo "<h1>Change your password</h1>";
	
	// if info is entered handle it
	if ($submit)
	{
		if (($new1 == $new2) && (strlen ($new1) >= 6))
		{
			// set passwords up with encryption
			$cur = crypt ($cur, 'bobcat');
			$new1 = crypt ($new1, 'bobcat');
			
			// get user id from session
			$id = $_SESSION['valid_user'];
			
			db_connect ();
			
			$query = "SELECT pass FROM users WHERE name='$id'";
			$result = mysql_query ($query)
				or report_error ($PHP_SELF, mysql_error (), "cant grab password", $_SESSION['valid_user']);
			if ($cur == mysql_result ($result, 0))
			{
				$query = "UPDATE users SET pass='$new1' WHERE name='$id'";
				mysql_query ($query)
					or report_error ($PHP_SELF, mysql_error (), "password update failed", $_SESSION['valid_user']);
				echo "<p>Success: Password updated</p>";
			}
			else
			{
				//old password not verfied
				echo "<p>Failure: Old password is incorrect</p>";
				echo "<p><a href='$_PHP_SELF'>try again</a></p>";
			}
		}
		else
		{
			// new password is not verified
			echo "<p>Failure: New password not equivalent or not long enough</p>";
			echo "<p><a href='$_PHP_SELF'>try again</a></p>";
		}
	}
	else
	{
		echo "<h2>Logged in as: $_SESSION[valid_user]</h2>";
?>
	<form method="post" action="<?php echo $_PHP_SELF; ?>">
		<p>current password:<br />
		<input type="password" name="cur" size="20"></p>
		<p>passwords must be at least 6 characters in length
		<br />new password:<br />
		<input type="password" name="new1" size="20"><br />
		verify new password:<br />
		<input type="password" name="new2" size="20"></p>
		<input type="submit" value="Change Password" name="submit">
	</form>
<?php
	}
	
	do_footer ();
}
?>